VentureBeat presents: AI Unleashed - An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More

The cybersecurity skills crisis continues on a downward trend, impacting over half (57%) of large organizations. At the same time, companies are incurring steep costs from data breaches, with breaches costing companies an average of $4.24 million per incident — a nearly 10% increase over 2020.

Those stats are according to separate reports released today by IBM and the Information Systems Security Association (ISSA), which paint a picture of a cybersecurity industry facing multiple challenges as the pandemic accelerates digital transformations. In partnership with the Enterprise Strategy Group (ESG), the ISSA published its fifth annual global survey of cybersecurity professionals, while IBM launched its 17th annual Cost of a Data Breach report with the Ponemon Institute.

According to ISSA and ESG, the cybersecurity skills shortage and its impacts haven’t improved over the past few years, and 44% of professionals say it’s only gotten worse. A major factor is the lack of “appropriate” compensation, with 38% of respondents to the survey citing it as their top reason.

The findings agree with a recent International Information System Security Certification Consortium study, which pegs the number of unfilled cybersecurity positions around the world at 4.07 million. That same report projects that the industry will triple in size year-over-year through 2022, potentially exacerbating the problem.


AI Unleashed

An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.


Learn More

Part of the problem is that cybersecurity professionals don’t have well-defined careers or find themselves working in security without a complete skill set. Last year’s ISSA and ESG survey revealed that “growth activities,” such as finding a mentor, getting cybersecurity certifications, taking on internships, and joining a professional organization, were the missing steps in their journeys. Moreover, executives often don’t understand the role of information security, so cybersecurity leaders are forced to take on advocacy roles to develop talent on-staff.

Rising cost of breaches

The worsening skills shortage comes as companies are adopting breach-prone remote work arrangements in light of the pandemic. In its report today, IBM found that the shift to remote work led to more expensive data breaches, with breaches costing over $1 million more on average when remote work was indicated as a factor in the event.

By industry, data breaches in health care were most expensive at $9.23 million, followed by the financial sector ($5.72 million) and pharmaceuticals ($5.04 million). While lower in overall costs, retail, media, hospitality, and the public sector experienced a large increase in costs versus the prior year.

“Compromised user credentials were most common root cause of data breaches,” IBM reported. “At the same time, customer personal data like names, emails, and passwords was the most common type of information leaked — a dangerous combination that could provide attackers with leverage for future breaches.”

IBM says that it found that “modern” security approaches reduced expenses, with AI, security analytics, and encryption being the top three mitigating factors. Together, these technologies saved large companies an estimated $1.25 million to $1.49 million. Hybrid cloud approaches also led to lower data breach costs ($3.61 million) compared with cloud ($4.80 million) and private cloud ($4.55 million) approaches. Moreover, organizations with “mature” zero trust strategies had an average data breach cost of $3.28 million to $1.76 million lower than those who hadn’t embraced the approach to begin with.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.